[pve-devel] [PATCH] optimize bridge chains

Dietmar Maurer dietmar at proxmox.com
Tue Feb 25 12:03:35 CET 2014


Just noticed that you still jump to vmbr0-IN instead of using 'RETURN'

exists tap100i0-OUT (OJ24RKwkwqb9Xm9aIuRWjhQ1BL4)
	-A tap100i0-OUT -m conntrack --ctstate INVALID -j DROP
	-A tap100i0-OUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
	-A tap100i0-OUT -m mac ! --mac-source 0E:0B:38:B8:B3:21 -j DROP
	-A tap100i0-OUT  -j GROUP-group1-OUT
# I thought we now can use RETURN here?
	-A tap100i0-OUT -m mark --mark 1 -g vmbr0-IN
	-A tap100i0-OUT -j LOG --log-prefix "tap100i0-OUT-dropped: " --log-level 4
	-A tap100i0-OUT -j DROP


> -----Original Message-----
> From: Alexandre DERUMIER [mailto:aderumier at odiso.com]
> Sent: Dienstag, 25. Februar 2014 11:22
> To: Dietmar Maurer
> Cc: pve-devel at pve.proxmox.com
> Subject: Re: [pve-devel] [PATCH] optimize bridge chains
> 
> >>can't we jump from PVEFW-FORWARD directly A vmbr0-IN/vmbr0-OUT ?


More information about the pve-devel mailing list